Method and Device for Loading Input Data into an Algorithm When Performing an Authentication

The invention relates [...] a method as described in detail in [...]




Methods of the kind referred to here are known, for example, from ETSI D/EN/TE 0901 14, Terminal Equipment (TE) Requirements for IC Cards and Terminals for Telecommunication Use, Part 4 - Payment Methods, version 4, of February 7, 1992, and from the European Patent Application 0 605 070.

In addition to phone cards, which have a defined initial credit balance as a payment means for card-operated phones, "electronic cash cards", which work according to the same principle, are gaining in significance as a means for paying limited amounts. In "pay with chip card" applications, a card reader module having a security module SM for verifying the card and the balance amount is integrated in the automatic machine.

EP 0 605 070 A2 also describes a method for transferring credit and debit amounts to and from chip cards, memory locations of a chip card having overwrite capability being divided into at least two memory locations; one of these having a "debit function", thus acting as an "electronic purse" similarly to a phone card, and the other having a "credit function" along the lines of a credit card. To replenish the "electronic purse", provision is made for cash amounts to be transferred between the areas under the secured conditions that are typical for credit cards.



To both avoid the danger of unauthorized access to the automatic teller machines and their permanently installed security modules, as well as eliminate the need for dedicated lines which are specially protected and, thus, expensive for the operator, prior to any cash transaction, the operator of the automatic cash machine inserts a security module having chip card functions into the automatic cash machine and, during each cash transaction that involves a cardholder inserting his or her electronic cash card into an automatic cash machine, data areas of the chip card are first read out to permit a plausibility check and to verify the remaining credit balance; after that, an authentication is performed using the security module and a single or multiple acceptance decision is made; and, finally, the cash amount due or input is either debited to the cardholder's chip card with the aid of a security function, or added to a summing counter for cash amounts in the security module; following the cash transactions, the counter content of the security module having chip card functions is transferred to a clearinghouse.

The object of the present invention is to further enhance the security of automatic cash machines for the electronic cash purses to prevent unauthorized manipulation and malfunctions.

Advantageous variants or further developments of this [...]

The characterizing part of Claim 9 describes a device which is suitable for the application of the method.

The characterizing part of [...]

The invention, including its [...] in detail by the following examples.
Authentication algorithms are typically used to enable reliable identification. Often entering into the authentication methods, besides the identity of a chip card, of a person, and possibly of a security module SM, are other data, as well, which have to be verified. An authentication method can be applied, for example, to non-secret card data D, together with a secret key K, and a random number Z. For the sake of security when working with the electronic cash cards, separate security functions are used for debiting and crediting, and each of these security functions [...] using a cryptographic checksum.



The method of the present invention enables the debit and credit transactions to be carried out using a cryptographic token, the condition being that the authentication and cryptographic checksum process are performed on the counter content using a challenge/response method. A single challenge/response method can then be applied, whereby only one random number is provided by the security module SM and only one response is calculated by the chip card, to verify both the identity (authentication) as well as the internal counter content with respect to the security module SM.

This can be achieved in that the variable input data, such as the counter content and the random number, are initially processed internally using "keyed hash functions", i.e., MAC functions. In the process, the card-specific secret key of the chip card is used as the key. The two tokens extracted from counter content and the random number can then be linked together, for example, (in a perhaps cryptographically unsecured way) by XOR or by using a linear-feedback shift register, and then be output, with their integrity being protected, using a cryptographic function that is [...]

This method is of practical use insofar as the keyed hash functions, which are only used internally, do not have to meet any particularly high requirements with regard to their security, and relatively simple functions can be used since the results of these functions do not leave the chip card. Nevertheless, data manipulation is effectively prevented with this method.
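The single challenge/response described above, sketched as an added example that is not taken from the patent: the card derives one keyed token from the counter and one from the random number, links them by XOR, and releases only the protected result. HMAC-SHA-256, the token length, the domain labels and all function names are assumptions; the patent does not name the functions used.

```python
import hashlib
import hmac
import secrets

TOKEN_LEN = 8  # assumed token/response length in bytes


def inner_token(card_key: bytes, label: bytes, value: bytes) -> bytes:
    """Internal keyed hash (MAC); its result never leaves the card."""
    return hmac.new(card_key, label + value, hashlib.sha256).digest()[:TOKEN_LEN]


def card_response(card_key: bytes, counter: int, challenge: bytes) -> bytes:
    """Card side: one response covering both identity and counter content."""
    # Distinct labels (an assumption) keep the two tokens from cancelling
    # under XOR if counter and challenge ever encode to the same bytes.
    t_counter = inner_token(card_key, b"ctr", counter.to_bytes(4, "big"))
    t_random = inner_token(card_key, b"rnd", challenge)
    linked = bytes(a ^ b for a, b in zip(t_counter, t_random))  # unsecured link
    # Only this integrity-protected value is output (keyed function assumed).
    return hmac.new(card_key, b"out" + linked, hashlib.sha256).digest()[:TOKEN_LEN]


def sm_verify(card_key: bytes, read_counter: int,
              challenge: bytes, response: bytes) -> bool:
    """Security module SM: recompute from the counter value read off the card."""
    expected = card_response(card_key, read_counter, challenge)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    key = bytes(range(16))                # constructed card-specific key
    challenge = secrets.token_bytes(8)    # the one random number from the SM
    resp = card_response(key, 500, challenge)
    print("genuine counter accepted:", sm_verify(key, 500, challenge, resp))
    print("altered counter accepted:", sm_verify(key, 999, challenge, resp))
```
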
The exemplary embodiment of the present invention assumes that a linear-feedback shift register (LFSR) having an additional nonlinear function and downstream counters is used.

- Additional feedback circuits are switched into the linear-feedback shift register LFSR following the downstream counters.

- Input data, composed of the non-secret card data D and the secret key K, are read into the linear-feedback shift register LFSR, while both the feedback of the linear-feedback shift register LFSR, as well as the additional feedback(s) are active.

- A certain number of clock pulses is processed without additional input data being read in.

- Input data made up of the random number R are read in while both the feedback of the LFSR and the additional feedback(s) are active.

- The additional feedback circuits are switched off, and the counters are reset, if necessary.

- A certain number of clock pulses is processed, and, during these pulses, output bits are generated according to the current counter settings.
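The six steps above as a toy software model, added here as an illustration and not taken from the patent. Register length, tap positions, the nonlinear function, the counter width, the clock counts and all names are assumptions chosen only to make the order of the phases visible.

```python
# Toy model of the load sequence; every parameter below is an assumption.
N, IDLE_CLOCKS, OUT_BITS = 32, 64, 16


class ToyRegister:
    def __init__(self):
        self.state = [0] * N
        self.counter = 0              # downstream counter
        self.extra_feedback = False   # additional feedback path

    def clock(self, in_bit=0):
        s = self.state
        nonlinear = (s[3] & s[11]) ^ s[17]          # assumed nonlinear function
        prev = self.counter
        self.counter = (prev + 1 + nonlinear) % 4   # counter driven by it
        fb = in_bit ^ s[0] ^ s[1] ^ s[21] ^ s[31]   # ordinary LFSR feedback
        if self.extra_feedback:
            fb ^= self.counter & 1    # counter state fed back into the register
        out = s[-1]
        self.state = [fb] + s[:-1]
        # A bit is emitted only on the clock where the counter wraps around.
        return out if self.counter < prev else None


def bits(data: bytes):
    return [(byte >> i) & 1 for byte in data for i in range(8)]


def respond(card_data: bytes, key: bytes, challenge: bytes):
    reg = ToyRegister()
    reg.extra_feedback = True          # 1. switch in the additional feedback
    for b in bits(card_data + key):    # 2. read in D and K
        reg.clock(b)
    for _ in range(IDLE_CLOCKS):       # 3. clock without input data
        reg.clock()
    for b in bits(challenge):          # 4. read in the random number R
        reg.clock(b)
    reg.extra_feedback = False         # 5. switch off feedback, reset counter
    reg.counter = 0
    out = []
    while len(out) < OUT_BITS:         # 6. output bits per counter setting
        bit = reg.clock()
        if bit is not None:
            out.append(bit)
    return out


if __name__ == "__main__":
    D, K, R = b"CARD0001", bytes(range(8)), b"\x5a\xc3\x10\x7e"  # constructed
    print(respond(D, K, R))
```
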